[VoiceOps] FCC RMD Naughty List

Nathan Anderson nathana at fsr.com
Wed Dec 11 02:09:42 EST 2024 

Wait, say what now?  I'm not even sure I understand how that kind of hijacking
is possible.  You'd have to be able to deduce who that provider's underlying
carriers are before you could attempt to engage in that kind of social
engineering with them, and as an IPES, there's nowhere either in our 499
filings or in the RMD filing where we are required to disclose that, either
publicly or privately/redacted.  (Unless I'm missing something?  We have never
disclosed that in any FCC filings, and yet we didn't get added to this
"naughty" list.  Furthermore, a read through of the required information listed
in this notice under II.3 absolutely does not say anywhere that you are
required to itemize who your specific upstreams are.)  I suppose you could
voluntarily disclose it in your RMD plan write-up, but...why would you, as that
just unnecessarily ties your hands and results in a bunch of self-inflicted
busy work (if you're going to list it, then you either have to maintain that
list, avoid bringing up new or tearing down old SIP trunks with various
underlying carriers, or risk having the disclosure become "stale").

 

Also, on a different but related note, this whole incomplete-RMD-filing issue
is a problem that the FCC kinda/sorta created themselves, and then decided
shirk their responsibility for doing so and saddle all of us with the
downstream consequences and threats.  Just to remind everybody of the history
here, this database as originally conceived by the brilliant minds in
Washington required that filers EITHER certified themselves as being wholly S/S
compliant, OR if not, then they had to supply a written mitigation plan.  If
you selected the "I am 100% S/S compliant" checkbox, it would NOT allow you to
upload a document attachment with any kind of written plan.  And if you first
filed as only partially compliant or not-yet-compliant, and added such a
document/attachment to your filing, and then after finishing your S/S
implementation you went back and UPDATED your filing to reflect your new 
complaince, the system would DELETE your previous attachment from your filing,
and not give you any option to submit a new one.  If you filed as 100%
compliant, you could not add an attachment, PERIOD.

 

Then one day they decided that maybe that was a bad idea, and required
everybody who was 100% complaint to drop everything & go back and add written
mitigation plans to their filings.

 

So far in the (admittedly few) minutes I've taken to check out a handful of
companies on this "naughty" list, virtually all of them are in the boat of
having checked the "100% compliant" checkbox, but not having a written RM plan
document attached to their filing.

 

-- Nathan

 

From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Mary Lou
Carey via VoiceOps
Sent: Tuesday, December 10, 2024 14:08
To: voiceops at voiceops.org
Subject: Re: [VoiceOps] FCC RMD Naughty List

 

The requirements for RMD changed and you now need to add a lot more
information. You only have 14 days to respond to the FCC, but MAKE SURE YOU
FILE YOUR 499 CONFIDENTIALLY! We have already learned of incidents where
scammers got ahold of company information and attempted to get the company's
underlying carriers to change the IP addresses for their SIP trunks so they
could hijack their network. We've brought this to the attention of the FBI and
FCC, but the FCC's only offer was to file them confidentially. I personally
think they're asking for way too much information and stupid to allow anyone's
information to be listed on a public site, but until they fix the problem its
up to carriers themselves to make sure their information is secure.

Ashley (with Equitel Compliance) and I (BackUP Telecom can help anyone that
needs to update their RMDs or get STIR/SHAKEN certified. 

MARY LOU CAREY 
BackUP Telecom Consulting 
Office: 615-791-9969 
Cell: 615-796-1111

 

On 2024-12-10 03:42 PM, Dave Russo via VoiceOps wrote:

    Here is the FCC order & list mentioned: https://docs.fcc.gov/public/
    attachments/DA-24-1235A1.pdf

     

    Also somewhat related, I'm curious how some companies that claim to be STIR
    /SHAKEN compliant and are listed on iconectiv's authorized provider list
    get away with not being fully FCC compliant?

     

    For example when we were looking for a new provider it came to my attention
    that Atheral is 5 years behind on its FCC 499 filings... Looks like it last
    filed in 2019: https://apps.fcc.gov/cgb/form499/499detail.cfm?FilerNum=
    832820

     

    Does this mean it can get shut down any time the FCC decides to do that?
    Will resellers that use them be at risk of losing service or subject to
    some FCC action themselves?

     

    -dr

     

     

    On Tue, Dec 10, 2024, at 2:17 PM, Mike Hammett via VoiceOps wrote:

        How many of you are on the Robocall Mitigation Database naughty list
        that the FCC just sent out?

         

        It'd be nice if they told you *WHY* your filing was deficient. Instead,
        they just generically list broad categories that you may or may not fit
        into.

         

         

         

        -----

        Mike Hammett

        Intelligent Computing Solutions

        http://www.ics-il.com

         

         

         

        Midwest Internet Exchange

        http://www.midwest-ix.com

         

         

        _______________________________________________

        VoiceOps mailing list

        VoiceOps at voiceops.org

        https://puck.nether.net/mailman/listinfo/voiceops

         

     

     

    _______________________________________________
    VoiceOps mailing list
    VoiceOps at voiceops.org
    https://puck.nether.net/mailman/listinfo/voiceops

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20241210/e0f57310/attachment-0001.htm>

More information about the VoiceOps mailing list